Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-2057 — SourceCodester Medical Center Portal Management System login.php sql injection

A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in s…

medical_center_portal_management_system | Remote | Injection
Feb 06, 2026 Feb 10, 2026
Feb 06, 2026
Feb 10, 2026
7.7 HIGH
CVE-2025-13523 — Cross-Site Scripting (XSS) via Unescaped Display Names in Mattermost Confluence Plugin OA…

Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names …

confluence | Remote | Cross-Site Scripting
Feb 06, 2026 Feb 24, 2026
Feb 06, 2026
Feb 24, 2026
7.5 HIGH
CVE-2026-2056 — D-Link DIR-605L/DIR-619L DHCP Connection Status wan_connection_status.asp information dis…

A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Co…

dir-605l_firmware dir-619l_firmware dir-605l dir-619l | Remote | Information Disclosure
Feb 06, 2026 Feb 17, 2026
Feb 06, 2026
Feb 17, 2026
5.4 MEDIUM
CVE-2026-1337 — Insufficient escaping of unicode characters in query log

Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. The…

neo4j | Remote | Cross-Site Scripting
Feb 06, 2026 Feb 24, 2026
Feb 06, 2026
Feb 24, 2026
8.3 HIGH
CVE-2025-13818 — Local privilege escalation in ESET Management Agent for Windows

Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent

management_agent | Misconfiguration
Feb 06, 2026 Feb 18, 2026
Feb 06, 2026
Feb 18, 2026
7.5 HIGH
CVE-2026-2055 — D-Link DIR-605L/DIR-619L DHCP Client Information information disclosure

A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation …

dir-605l_firmware dir-619l_firmware dir-605l dir-619l | Remote | Information Disclosure
Feb 06, 2026 Feb 17, 2026
Feb 06, 2026
Feb 17, 2026
7.5 HIGH
CVE-2026-2054 — D-Link DIR-605L/DIR-619L Wifi Setting information disclosure

A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in inform…

dir-605l_firmware dir-619l_firmware dir-605l dir-619l | Remote | Information Disclosure
Feb 06, 2026 Feb 17, 2026
Feb 06, 2026
Feb 17, 2026
9.8 CRITICAL
CVE-2026-2018 — itsourcecode School Management System controller.php sql injection

A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injecti…

school_management_system school_management_system | Remote | Injection
Feb 06, 2026 Feb 10, 2026
Feb 06, 2026
Feb 10, 2026
Showing 20 of 5068 Results